[Dshield] how to take down a 'bot-net' ?

Johannes Ullrich jullrich at euclidian.com
Fri Oct 4 16:48:53 GMT 2002


> How geographically widespread is the typical 'bot-net'?  From your notes
> I gather they can be world wide.

Typically they are worldwide. In this case, there are quite a few
hosts from Taiwan, France and Germany. It's more or less 'random'
so you have the typical mix.

In a few cases, the attacks that were used to build the botnet
are more targeted. The infamous 'leaves' worm went after AOL &
Earthlink users. I had one a couple months back that went after
.edu's.

-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org